true. We can try it in Remix. If we pass the following value as parameter _name:
0x0000000000000000000000000000000000000000000000000000000000000001
The Solidity compiler gives warnings for uninitialized variables. Developers need
to pay attention to these warnings. It is also always a good programming habit to
add the memory or storage modifier to variables explicitly.
8.2.2.4 Entropy Illusion
As described in previous chapters, all Ethereum transactions are deterministic state
transfers: each transaction updates the global state of the Ethereum system, and the
state transfer takes the form of a calculation. Theoretically, it can be formally verified.
Since everything in Ethereum is deterministic, there is no source of randomness
in the whole blockchain. That is why there is no rand() function in Solidity.
Currently, there are many proposals about how to obtain randomness in blockchain.
One of the most well-known proposals is RandDAO.
There are many gambling contracts/DApps built on the Ethereum platform.
Generally speaking, gambling requires uncertainty coming from a source external
to the blockchain. This is possible for bets among peers (for example, the
commit-reveal scheme proposed by RandDAO). However, if you want to implement a
contract that acts as the house (like in blackjack or roulette), it is much more difficult.
A common misuse is to use future block variables, such as hashes, timestamps, block
number, or gas limit. The issue with these is that they are controlled by the miner
who mines the block and as such are not truly random. For example, a gambling
smart contract holds logic that returns black if the next block hash ends in an even
number. A miner (or miner pool) could bet $1M on black. If they solve the next
block and find the hash ends in an odd number, they would prefer not to publish their
block and mine another until they find a solution with the block hash being an even
number. Using past or present variables can be even more devastating. Furthermore,
using solely block variables means that the pseudo-random number will be the same
for all transactions in a block, so an attacker can multiply their wins by doing many
transactions within a block (should there be a maximum bet).
Since there is no source of randomness in the blockchain, the source of randomness
must be external to the blockchain. This can be done among peers with systems such
as RandDAO (commit-reveal scheme), or by changing the trust model to a group of
participants. Another popular solution is to introduce a randomness source called
an Oracle (which could be centralized or decentralized). Block variables should not be
used as a source of entropy since they can be manipulated by miners.
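The commit-reveal approach mentioned above, written out for two peers as an added example (it is not code from the book or from RandDAO). The contract name, the function names and the commitment layout keccak256(sender, secret) are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, hypothetical contract: two peers derive one shared random bit.
// Neither a miner nor the other peer can steer the result, because both
// secrets are fixed (committed) before either one becomes visible.
contract CommitRevealFlip {
    address[2] public players;
    bytes32[2] public commitments;
    bytes32[2] public secrets;
    bool[2] public revealed;

    // Phase 1: submit keccak256(abi.encodePacked(msg.sender, secret)),
    // where secret is 32 random bytes generated off-chain.
    function commit(bytes32 commitment) external {
        require(players[1] == address(0), "both seats taken");
        require(players[0] != msg.sender, "already committed");
        uint256 i = players[0] == address(0) ? 0 : 1;
        players[i] = msg.sender;
        commitments[i] = commitment;
    }

    // Phase 2: open the commitment once both players have committed.
    // Hashing msg.sender into the commitment stops the second player from
    // copying the first player's commitment and replaying the revealed secret.
    function reveal(bytes32 secret) external {
        require(players[1] != address(0), "commit phase not finished");
        uint256 i = msg.sender == players[0] ? 0 : 1;
        require(msg.sender == players[i], "not a player");
        require(!revealed[i], "already revealed");
        require(
            keccak256(abi.encodePacked(msg.sender, secret)) == commitments[i],
            "secret does not match commitment"
        );
        secrets[i] = secret;
        revealed[i] = true;
    }

    // The result depends on both secrets and on no block variable.
    // Not handled here: the player who reveals last sees the outcome first
    // and can refuse to reveal, so real use needs a staked deposit that is
    // forfeited when a reveal deadline passes.
    function result() external view returns (uint256) {
        require(revealed[0] && revealed[1], "waiting for both reveals");
        return uint256(keccak256(abi.encodePacked(secrets[0], secrets[1]))) & 1;
    }
}
```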
8.2.2.5 Block Timestamp Manipulation
Block timestamps are used by many apps to implement their business logic, for example
as a randomness source or as the lock period of funds. And many state-change conditions